If you’ve ever seen me at a WordCamp, you’ve probably heard me answer this question, and likely more than once. When it comes to malware scanning on a WordPress website, what makes the SiteLock® malware scanners different from the competition? Well, scanners simply are not created equal. My go-to short answer is typically explaining one of our scanners’ “killer features,” like its ability to automatically remove malware.
Tag: Malware removal Page 2 of 3
When you think of websites being infected with malware, what types of sites come to mind? Pharmaceutical sites, porn sites or sites that bombard you with pop-up ads? While these sites could very well be malicious, you’re actually more likely to run into malware while visiting one of your typical, everyday e-commerce or news sites. Today, 75 percent of legitimate websites are at risk of malware. Malware, also known as malicious software, is designed to harm a website and its visitors.
You know that awkward moment when you’re screen sharing with your boss and a Viagra ad appears on your screen? It’s difficult to rebound from an embarrassing moment like that, even when you did nothing to prompt it. These “pharma” hacks happen all the time, and it is just one example of what can happen when a site falls victim to cyberattacks. Luckily, the team at SiteLock is here to help you avoid these rather uncomfortable situations.
SiteLock offers comprehensive, cloud-based website security solutions to businesses of all sizes. We protect websites from a multitude of attacks and threats, pharma hacks being just one example. Check out our video to learn more about who we are, what we do and how some of our products work.
Identifying and cleaning malware is part of our everyday life here at SiteLock, and we know for many website owners cybersecurity can be an intimidating topic. That’s why we thought we’d share a simple case of what a common infection looks like, and demonstrate how SiteLock finds, fixes, and prevents malware.
During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing <body> tag.
Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.
Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding a ransom be paid for this files. That ransom can be as high as $10,000 but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could catastrophic and chances are you’ll never see those files again.
So many malware threats, so little time. We’ve rounded up the eight most dangerous malware threats every business needs to be aware of.
1. Banking Trojans
From Citadel to Zeus, banking Trojans have proven to be some of the most potent and profitable malware tools. This malware focuses on stealing bank account logins, which in turn can be used to steal whatever is in those accounts. It is believed that Zeus alone has been used to steal more than $120 million from compromised accounts.
2. Backdoor Trojans
Backdoor Trojans are designed to give hackers the very same access and rights to a computer or network as the administrator in charge of managing them. Which means hackers can do a lot of damage over an extended period – from stealing information and deleting files to changing passwords and modifying security settings.
Keyloggers have once again become a favored tool of cybercrooks. They’re designed to steal anything that’s typed on a keyboard and even on a touch screen. In recent tests, only one of 44 of the most popular antivirus software products in current use was able to detect even the simplest keylogger.
Ransomware like Cryptolocker is also on the rise, and researchers claim that the malware has been so successful in making money for its creators that it’s likely to spawn lots of copycats. Ransomware makes money by encrypting all the data on an infected computer and then charging a fee or ransom to release that data back into the custody of its owners. One small cyber gang is believed to have made more than $27 million using Cryptolocker.
5. Exploit Kits
Exploit kits can include Trojan downloaders and droppers and are really the road crew of the malware industry. Their job is not so much to commit the crimes but set them up. Once installed on a victim computer or network, they give the criminals the options of what kind of malware they want to upload. In 2013, the Blackhole Exploit Kit was most commonly used to deliver the Zeus banking Trojan.
Bots are tiny pieces of malware, at least compared to their malware cousins described above. And unlike their cousins, they’re not specifically designed to attack the host computers they infect. Instead, bots take control of the infected computers, sometimes millions of infected computers at a time, to assist in other crimes. Those crimes could be to share or hide stolen information, distribute child pornography, or attack other computers.
7. Drive-by Downloads
Drive-by downloads, like APTs, are not really malware but attacks designed to help malware. They don’t necessarily break into the bank, just cut the hole in the roof for others to climb through. Vulnerable websites are infected with malware that’s not designed to attack the website itself, but to spread the malware to visitors to that site. Once recent report found that crooks now prefer to spread malware through websites versus email by a ratio of 5-1 because it’s much more effective.
8. Advanced Persistent Threats
Advanced Persistent Threats, or APTs, may not really be a type of malware either but a type of attack that usually involves malware. And usually the most sophisticated kind. APTs have been growing in popularity because they work, and get their name because the attackers will often pick very specific targets and attack them relentlessly over a long period and using some very sophisticated attack tools. Some companies and even individuals targeted by APTs have been attacked as often as thirty times in thirty days.
Constant vigilance and layers of security are your best defense against malware. It’s much more cost-effective to put security in place proactively rather than react after an attack. SiteLock’s website security solutions can find and even automatically remove malware, as well as block malicious traffic from accessing your website in the first place. Call our security experts today at 877.563.6200. We are available 24/7 to help.
Oh, what a year it was for insecurity, and especially for the small business. It wasn’t as though we didn’t already know – that small businesses were firmly in the crosshairs of hackers. But early in the year Verizon put the final stamp on it. In its annual Data Breach Investigations Report, published at the beginning of 2013, Verizon revealed that businesses with fewer than 100 employees made up the single largest group of victims of data breaches. That conclusion was supported by other security studies around the same time that found small businesses suffered the most cyber attacks.
Perhaps the single biggest and most dangerous change in threats came in the world of malware delivery. For years, hackers and malware authors had used the same ways to deliver and spread their malware. Email and spam were by far the most popular. It was easy to buy hundreds of millions of email addresses, pack them with phishing messages, and attach a nasty malware payload.
And even if most users didn’t fall for the scam, even a small percentage of hundreds of millions was enough to make the attacks very lucrative for criminals. But as more users got the message, and began to grow more reluctant to open email attachments they weren’t expecting, many thought the malware industry was on its last legs. After all, how else could you get the goods to market?
So hackers had to choose a new way to deliver and spread malware. And they found it in small business websites. Every month, thousands of poorly protected websites are hijacked by hackers who use vulnerabilities in these sites to install malware. That malware is then spread to visitors to those websites, as well as attack other websites, and so continue the spread of malware.
And if you think that simply relying on antivirus software will get you through safely, there’s some more bad news. Some reports have suggested that today’s antivirus software can detect very few of the most dangerous types of malware – the stuff you really want to avoid. And the New York Times can testify to that. Early in 2013, Chinese hackers were easily able to breach the extensive defenses the Times had in place. Out of 45 different types of malware the Chinese used to attack the newspaper, the Times’ own security and virus protection detected only one.
But Chinese hackers weren’t just targeting big businesses like the New York Times. In September, the Huffington Post reported that Chinese hackers were actively targeting small businesses in the U.S., from pizza restaurants to medical clinics.
According to the Huffington Post, “The hackers find computer systems to take over by using tools that scan the web for Internet-connected PCs with software vulnerabilities they can exploit. Small businesses are popular targets because they often have lax security.”
And the year didn’t end too well either. When security researchers discovered more than 2 million stolen passwords on a hacker server in December, a piece of malware called a keylogger was suspected. That very same week, other security researchers found that out of 44 popular antivirus products tested, only one was able to detect a keylogger.
Which probably explains why an estimated $5 billion was siphoned from U.S. bank accounts in 2012 by cybercrooks using malware like keyloggers. And if any of those were business accounts, the business owners were probably on the hook for all the losses.
So safe to say (no pun intended) that 2013 was not a good year for business security, and especially for small business security. And we don’t predict much improvement over the next twelve months. It’s now clear that small businesses are the favorite target for the worst kinds of hackers. Whether it’s to steal your personal and customer information, break into your bank account, or use your website to host a variety of very dangerous malware, your small business may be getting all the wrong attention from all the wrong visitors.
So let’s make 2014 the year you take back your security and peace of mind. Security isn’t hard, no matter how sophisticated hackers and their tools have become. There are plenty of ways you can protect your business and your website, and make it just hard enough for hackers to decide that you’re just not worth the effort and that they should move on to small businesses that are doing little about security. It’s like locking your car and closing the windows while being parked next to a convertible with the top down. The easy target gets attacked first, and you’re at least lower on the radar by showing your security awareness.
If you make just one security choice this year, make it your website. Securing your website is simple and affordable, and yet it’s the single best way to protect your business, your customers, and any visitors to your site. And you’ll also help slow the spread of malware to other users and sites, which is one in the eye for the bad guys.
And remember that as a SiteLock customer you get more than prevention. SiteLock will work with you to address any website security issues that crop up, including malware removal, if any is detected on your site. And as always, our security advice – the best in the business – is always free, and we are here around the clock whenever you need support.
If you’re a frequent reader of this blog, then you’ll know that our expertise and advice goes far beyond just protecting your website. All good security has to be holistic, which is why we offer no-nonsense advice on a variety of security topics that can impact your business, from security policies and planning, to employee education, malware prevention, data privacy and security, and much more.
Our goal for 2014 is to be the best security partner for online businesses. We hope that, even if SiteLock is not your chosen security provider, website security is on your list of goals for 2014 as well. To get started on meeting this goal call SiteLock at 855.378.6200.
Well, I’m not really sure where to begin. Not only was it the first time I’ve received a letter asking me for website security for Christmas, but also the very first letter I’ve ever received from a website. And trust me, I’ve been doing this for quite a while, long before that internet thingy I started for Al Gore.
I am very sorry to hear how worried you are about security, and especially hackers and malware. Not really for yourself, but for your owner. I know that most business owners are so busy building their dream, they sometimes forget that there are some very bad people out there who can too easily steal it all.
I have to admit, I wasn’t really sure where to start. If you’d asked me for a Kindle or an “i” something-or- other, or even just a toy or a scarf, that would be easy. But I feel a little like most business owners do, not really knowing how to protect you and even where to start.
But when I had some downtime on my sleigh (don’t worry – it has cruise control, so it was perfectly safe), I did some research and I hope you’ll be happy with what I came up with.
So here it goes:
You said you wanted someone to watch over you. Well, while I’d love to be able to do that, you understand I have my own full-time job, even in the off-season. So I sent your owner a very nice letter advising her that the best thing she could do for herself (and for you) was to sign up for SiteLock so that you aren’t so vulnerable to all those hackers and malware removal is automatic.
I love giving gifts like that. They’re not extravagant so there’s no need to feel guilty. They’re very simple to use, so your owner doesn’t have to spend her holidays pouring over an instruction manual or looking for batteries. And once you switch it on, SiteLock will guard you and your business around the clock, from the most advanced threats and determined hackers.
So what was next? Oh yes, better passwords. I hear that. It’s a nightmare for my toy business. Who knew so many employees, elves especially, are so careless with important passwords? Like FTP. I mean, why have a lock on the front door of your business if you insist on leaving the keys in it?
But I’ve got you covered. I sent every employee a password manager (don’t worry, some of the best are free). Now they can create and protect the most complex of passwords, and store them all in one safe place. So not being able to remember all those big and clumsy passwords is no excuse. And some of these programs will even remind you when it’s time to update your passwords, so forgetting is not an issue either.
Let me see, what else did you ask for? Sorry, my memory isn’t what it used to be. Oh yes, you wanted to get rid of all that outdated content and code on your website because you think it’s slowing you down. Tell me about. Every year about this time, when the rush dies down, we promise to tidy up the place so that we can run more efficiently as we prepare for next year.
And every year that resolution goes out the door as quick as Christmas itself. Not to worry. I created a special note just for your webmaster. In exchange for his list, I gave him a list, too. It’s pretty simple. I told him to go through every page of the site and remove any outdated content and images, and clean up or remove outdated code — we all know how dangerous that can be.
I also told him to get a patching and updating regimen in place so that all critical patches are installed as soon as they’re available, and outdated software and plugins don’t leave you vulnerable.
I think that’s it. Hope I’m not missing anything. When I think about it, I wish every website would send me a letter like this. I can easily find their owners and lean on them a little.
I mean, if this is the season of goodwill and joy, why shouldn’t it start with your website, the face of your business? For more information, just ask the experts at SiteLock. Give them a call at 855-378-6200. They’re available 24/7 to help.
When you purchase a new PC, you wouldn’t dream of connecting to the Internet without having an antivirus tool in place. Because it’s fairly common knowledge that the pace of growth and infection of viruses and attacks that affect personal computers is increasing rapidly and they can do serious damage. PC viruses and malware are often looking for personal information, like credit card data, that can be used for criminal and fraudulent activities.
To counteract the PC infection and theft that viruses and malware can cause, anti-virus tools have a sophisticated knowledge base of active threats. And they continuously look out for computers that have out-of-date antivirus software so they can update it automatically to protect PC owners and their computers from new threats as they are discovered.
Even just thinking about protecting your business from all the cyber threats it faces can be daunting. Where do you begin? Do you start with your website, or is it something more basic like having a security plan? Do you train your employees or lock down every computer and let technology do the work? If critical data has to be protected, which data first? Which data most?
It’s this very scenario that creates the biggest security vulnerability for most small businesses. When building an effective security program for your business begins to look like a much bigger mountain to climb, especially as you get closer, you put the project off until another day. And in the meantime, hackers can have a field day.